OnLogic Security Advisory Karbon 800 Series<OL-2025-080402>

Description:

Fix several critical vulnerabilities of specified BIOS versions, preventing damage from those vulnerabilities being exploited.

OnLogic Security Advisory ID: OL-2025-080402

Type: Advisory

Fixed Vulnerabilities:

Vulnerability	Description	CVSS Base Score	CVSS Vector String	Found version	Fixed version
CVE-2023-40238	OOB Write in RLE4 decode routine during BMP file processing in Insyde firmware.	5.5	CVSS:3.1 /AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	V2.05	V2.15
CVE-2021-41842,CVE-2024-27353 CVE-2024-25079,CVE-2024-25078 CVE-2022-36448,CVE-2022-35895 CVE-2022-35893,CVE-2022-35408 CVE-2022-34325,CVE-2022-24069 CVE-2022-24031,CVE-2022-24030 CVE-2021-45971,CVE-2021-45970 CVE-2021-45969,CVE-2021-43323 CVE-2021-42554,CVE-2021-41841 CVE-2021-41839,CVE-2021-41838 CVE-2021-41837,CVE-2021-33625, CVE-2022-46897,CVE-2022-35894	Fix issues discovered in InsydeH2O	7.5 ~ 8.2	CVSS:3.1 /AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	V2.05	V2.15
CVE-2023-45230,CVE-2023-45232, CVE-2023-45233,CVE-2023-45234	Fix ipv6 issues discovered in EDK2	7.5 ~ 8.3	CVSS:3.1 /AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H	V2.05	V2.15
BRLY-2023-002	Found and fix unsafe code flow.	8.2	AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H	V2.05	V2.15

First Public Date: 2025/03/11

Last Update Date: 2025/03/11

Affected Products:

Update BIOS version to V2.15

Updated on March 11, 2025

Keep In Touch.

Subscribe today and we’ll send the latest product and content updates right to your inbox.